<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第147期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第147期）</strong></h5>
<blockquote> 2016/12/19-2016/12/25</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Web安全工程师微专业<br><a target="_blank" href="http://mooc.study.163.com/smartSpec/detail/1001227001.htm?utm_source=9305777&amp;utm_medium=cps&amp;utm_campaign=affiliate">http://mooc.study.163.com/smartSpec/detail/1001227001.htm?utm_source=9305777&amp;utm_medium=cps&amp;utm_campaign=affiliate</a></div><div class="single"><span id="tags">[事件]&nbsp;&nbsp;</span>2016年网络安全大事记<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&amp;mid=2651069792&amp;idx=1&amp;sn=cd801051b04cf4b151779b6e5bc54787&amp;chksm=bd14adb38a6324a5ce5eb5c8dcb14c6388b6e21de601272e9e7269d34263e2262326b6cc6695&amp;mpshare=1">https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&amp;mid=2651069792&amp;idx=1&amp;sn=cd801051b04cf4b151779b6e5bc54787&amp;chksm=bd14adb38a6324a5ce5eb5c8dcb14c6388b6e21de601272e9e7269d34263e2262326b6cc6695&amp;mpshare=1</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>Shadow Brokers再次兜售NSA黑客工具包<br><a target="_blank" href="http://bobao.360.cn/news/detail/3857.html">http://bobao.360.cn/news/detail/3857.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>US State Police Have Spent Millions on Israeli Phone Cracking Tech <br><a target="_blank" href="http://motherboard.vice.com/read/us-state-police-have-spent-millions-on-israeli-phone-cracking-tech-cellebrite">http://motherboard.vice.com/read/us-state-police-have-spent-millions-on-israeli-phone-cracking-tech-cellebrite</a></div><div class="single"><span id="tags">[事件]&nbsp;&nbsp;</span>俄罗斯黑客出售美国选举援助委员会网站权限与数据<br><a target="_blank" href="http://www.mottoin.com/94240.html">http://www.mottoin.com/94240.html</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>纽约金融监管机构推迟安全规则<br><a target="_blank" href="http://www.cnbc.com/2016/12/21/ny-financial-regulator-to-delay-cybersecurity-rules.html">http://www.cnbc.com/2016/12/21/ny-financial-regulator-to-delay-cybersecurity-rules.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>SANS：2016年安全分析调研报告<br><a target="_blank" href="http://yepeng.blog.51cto.com/3101105/1885339">http://yepeng.blog.51cto.com/3101105/1885339</a></div><div class="single"><span id="tags">[视频]&nbsp;&nbsp;</span>互联网安全志愿者联盟：配合执法部门打击网络灰黑产业链<br><a target="_blank" href="http://tv.cctv.com/2016/12/24/VIDEvKOS1muC2zyhFgaBJY9m161224.shtml">http://tv.cctv.com/2016/12/24/VIDEvKOS1muC2zyhFgaBJY9m161224.shtml</a></div><div class="single"><span id="tags">[法规]&nbsp;&nbsp;</span>全面透视|老王逐条解读网络安全法<br><a target="_blank" href="https://www.sec-un.org/4933.html">https://www.sec-un.org/4933.html</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>北向峰会讲点啥？<br><a target="_blank" href="http://www.aqniu.com/news-views/12677.html">http://www.aqniu.com/news-views/12677.html</a></div><div class="single"><span id="tags">[人物]&nbsp;&nbsp;</span>一个普通白帽子的安全从业之路<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&amp;mid=2652876955&amp;idx=1&amp;sn=09c104ff3aaa466503e44ba2ddc8b2ba&amp;chksm=f3415fb3c436d6a5ca002dc4fa0423f4ed40427b6b9380e41d61a96e229242f4be62fbea5d9d&amp;scene=0&amp;key=564c3e9811aee0ab408698de52d220e9209833f8c59371683268876aa5ce4661716b39afad95e3d54e0e73c7b9624a7dac">https://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&amp;mid=2652876955&amp;idx=1&amp;sn=09c104ff3aaa466503e44ba2ddc8b2ba&amp;chksm=f3415fb3c436d6a5ca002dc4fa0423f4ed40427b6b9380e41d61a96e229242f4be62fbea5d9d&amp;scene=0&amp;key=564c3e9811aee0ab408698de52d220e9209833f8c59371683268876aa5ce4661716b39afad95e3d54e0e73c7b9624a7dac</a></div><div class="single"><span id="tags">[人物]&nbsp;&nbsp;</span>王琦：一个极致主义者的从零到一 <br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&amp;mid=2652876881&amp;idx=1&amp;sn=7f867c97ac4c0f358846cbfee5e7259a&amp;chksm=f3415f79c436d66ff110e521f2a8076dd19069f418cf41abac07ebb8894716e5600006c75bcf&amp;scene=0&amp;key=564c3e9811aee0abc6a88e647fdeb8154f916928a55b8adfc5e02e3c302a7c73647ae55bd69130c0d4d8ff520b549e11ac">https://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&amp;mid=2652876881&amp;idx=1&amp;sn=7f867c97ac4c0f358846cbfee5e7259a&amp;chksm=f3415f79c436d66ff110e521f2a8076dd19069f418cf41abac07ebb8894716e5600006c75bcf&amp;scene=0&amp;key=564c3e9811aee0abc6a88e647fdeb8154f916928a55b8adfc5e02e3c302a7c73647ae55bd69130c0d4d8ff520b549e11ac</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>FBI逮捕DDoS僵尸网络的租赁者<br><a target="_blank" href="http://www.solidot.org/story?sid=50788">http://www.solidot.org/story?sid=50788</a></div><div class="single"><span id="tags">[观点]&nbsp;&nbsp;</span>美国在抓捕俄罗斯黑客上面临重重困难 <br><a target="_blank" href="http://www.solidot.org/story?sid=50791">http://www.solidot.org/story?sid=50791</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>偷情网站 Ashley Madison 因数据泄露被罚160万美元<br><a target="_blank" href="http://www.aqniu.com/news-views/21813.html">http://www.aqniu.com/news-views/21813.html</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>迪拜警方开始使用犯罪预测软件<br><a target="_blank" href="http://www.solidot.org/story?sid=50846">http://www.solidot.org/story?sid=50846</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>西电与360公司合作共建网络安全创新研究院<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzAwNDgwMTY5MQ==&amp;mid=2657419072&amp;idx=1&amp;sn=cc6a86099eb599f18a7e97e3371879be&amp;chksm=80b60ab4b7c183a25018aed376e018b68184ded3ae1f8f69bfefc9f65caec1347edbf687e331&amp;mpshare=1&amp;scene=2&amp;srcid=1220joEa5ITjndEe1rwbNwzJ&amp;from=timeline&amp;key=564c3e9811aee0ab371db1b6d5d952f0d09a99457ec">https://mp.weixin.qq.com/s?__biz=MzAwNDgwMTY5MQ==&amp;mid=2657419072&amp;idx=1&amp;sn=cc6a86099eb599f18a7e97e3371879be&amp;chksm=80b60ab4b7c183a25018aed376e018b68184ded3ae1f8f69bfefc9f65caec1347edbf687e331&amp;mpshare=1&amp;scene=2&amp;srcid=1220joEa5ITjndEe1rwbNwzJ&amp;from=timeline&amp;key=564c3e9811aee0ab371db1b6d5d952f0d09a99457ec</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>cobaltstrike3.6 破解版<br><a target="_blank" href="http://evi1cg.me/archives/CobaltStrike_3_6_Cracked.html">http://evi1cg.me/archives/CobaltStrike_3_6_Cracked.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>文件上传漏洞绕过方法<br><a target="_blank" href="https://www.aptive.co.uk/blog/unrestricted-file-upload-testing/">https://www.aptive.co.uk/blog/unrestricted-file-upload-testing/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>从“小白”到“白帽子黑客”的实用指南<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzIxNDI0MDAxNg==&amp;mid=100000063&amp;idx=1&amp;sn=6ca03d6092bf79412b2baf5b1b174b08&amp;chksm=17abdf4020dc5656476">http://mp.weixin.qq.com/s?__biz=MzIxNDI0MDAxNg==&amp;mid=100000063&amp;idx=1&amp;sn=6ca03d6092bf79412b2baf5b1b174b08&amp;chksm=17abdf4020dc5656476</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>WeCenter 3.1.9 存储 XSS漏洞分析<br><a target="_blank" href="http://linux.im/2016/12/22/WeCenter-319-Stored-XSS-Vuln.html">http://linux.im/2016/12/22/WeCenter-319-Stored-XSS-Vuln.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>巡风：企业内网的漏洞快速应急巡航扫描系统（附Docker版本）<br><a target="_blank" href="http://www.mottoin.com/94253.html">http://www.mottoin.com/94253.html</a></div><div class="single"><span id="tags">[论文]&nbsp;&nbsp;</span>安全顶会 NDSS 2017 接收论文列表 <br><a target="_blank" href="http://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/ndss-2017-programme">http://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/ndss-2017-programme</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>DSVW: Damn Small Vulnerable Web(小型靶场一枚)<br><a target="_blank" href="https://github.com/stamparm/DSVW">https://github.com/stamparm/DSVW</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>XGBoost, LightGBM性能大对比<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIzMDA1MTM3Mg==&amp;mid=2653077671&amp;idx=2&amp;sn=52242203da8cbcc007558d19bc79b1a6&amp;chksm=f36f3be4c418b2f2b907a932703dab122327dd5519181429d10f9bf681cce6c1d921921ffc08&amp;mpshare=1&amp;scene=2&amp;srcid=1221aPaK1shSu2ZBvdg6mfJ8&amp;from=timeline&amp;key=564c3e9811aee0ab0d4dc0f8db7071f8cba623eb13d">https://mp.weixin.qq.com/s?__biz=MzIzMDA1MTM3Mg==&amp;mid=2653077671&amp;idx=2&amp;sn=52242203da8cbcc007558d19bc79b1a6&amp;chksm=f36f3be4c418b2f2b907a932703dab122327dd5519181429d10f9bf681cce6c1d921921ffc08&amp;mpshare=1&amp;scene=2&amp;srcid=1221aPaK1shSu2ZBvdg6mfJ8&amp;from=timeline&amp;key=564c3e9811aee0ab0d4dc0f8db7071f8cba623eb13d</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>poseidon: 360公司日志搜索平台「开源」<br><a target="_blank" href="https://github.com/Qihoo360/poseidon">https://github.com/Qihoo360/poseidon</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>基于谷歌SSL透明证书的子域名查询脚本<br><a target="_blank" href="https://github.com/We5ter/GSDF">https://github.com/We5ter/GSDF</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>iOS安全审计入门<br><a target="_blank" href="http://www.freebuf.com/articles/terminal/123098.html">http://www.freebuf.com/articles/terminal/123098.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>awesome-ml-for-cybersecurity: Machine Learning for Cyber Security<br><a target="_blank" href="https://github.com/jivoi/awesome-ml-for-cybersecurity#awesome-machine-learning-for-cyber-security-">https://github.com/jivoi/awesome-ml-for-cybersecurity#awesome-machine-learning-for-cyber-security-</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>MySQL大表优化方案<br><a target="_blank" href="https://segmentfault.com/a/1190000006158186">https://segmentfault.com/a/1190000006158186</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>xunfeng: 巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统<br><a target="_blank" href="https://github.com/ysrc/xunfeng">https://github.com/ysrc/xunfeng</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Tengine WAF 实践<br><a target="_blank" href="http://www.mottoin.com/94365.html">http://www.mottoin.com/94365.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>使用Hashcat破解外国字符构成的密码的终极指南<br><a target="_blank" href="http://drops.wiki/index.php/2016/12/21/hashcat/">http://drops.wiki/index.php/2016/12/21/hashcat/</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>CloudFlare_enum：使用CloudFlare进行子域名枚举的脚本<br><a target="_blank" href="http://www.mottoin.com/94481.html">http://www.mottoin.com/94481.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>openresty最佳实践笔记<br><a target="_blank" href="http://snoopyxdy.blog.163.com/blog/static/601174402016111434342439">http://snoopyxdy.blog.163.com/blog/static/601174402016111434342439</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>BurpSuite插件分享：基于Python的Web应用Fuzzing插件PyJFuzz<br><a target="_blank" href="http://www.mottoin.com/94302.html">http://www.mottoin.com/94302.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Splunk大数据分析经验分享：从入门到夺门而逃<br><a target="_blank" href="http://www.freebuf.com/articles/database/123006.html">http://www.freebuf.com/articles/database/123006.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>RASscan: 内网端口极速扫描器<br><a target="_blank" href="https://github.com/RASSec/RASscan">https://github.com/RASSec/RASscan</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>F_A_S_T扫描器: 定向全自动化渗透测试<br><a target="_blank" href="https://github.com/RASSec/pentestEr_Fully-automatic-scanner">https://github.com/RASSec/pentestEr_Fully-automatic-scanner</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>FuzzySec：Windows Kernel Exploitation: Integer Overflow <br><a target="_blank" href="http://www.fuzzysecurity.com/tutorials/expDev/18.html">http://www.fuzzysecurity.com/tutorials/expDev/18.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Docker for win10下使用ubuntu安装DVWA-1.9<br><a target="_blank" href="http://www.mottoin.com/94363.html">http://www.mottoin.com/94363.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>FCN: 一款傻瓜式的一键接入私有网络的工具<br><a target="_blank" href="https://github.com/boywhp/fcn">https://github.com/boywhp/fcn</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>不一样的HTTP Headers (一)<br><a target="_blank" href="http://www.mottoin.com/93711.html">http://www.mottoin.com/93711.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Whitewidow：自动化SQL漏洞扫描器<br><a target="_blank" href="http://www.mottoin.com/94222.html">http://www.mottoin.com/94222.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>HG533路由器分析教程之找到硬件调试接口<br><a target="_blank" href="http://drops.wiki/index.php/2016/12/22/hg533/">http://drops.wiki/index.php/2016/12/22/hg533/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>安全系统建设心路<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI5ODE0ODA5MQ==&amp;mid=2652277732&amp;idx=1&amp;sn=abe118d87f769d8fdec9698fab911b3f&amp;chksm=f7486270c03feb6691ff8830754e7db3765b7680723ceb7ae5f4c21a854878514c384ead0595">https://mp.weixin.qq.com/s?__biz=MzI5ODE0ODA5MQ==&amp;mid=2652277732&amp;idx=1&amp;sn=abe118d87f769d8fdec9698fab911b3f&amp;chksm=f7486270c03feb6691ff8830754e7db3765b7680723ceb7ae5f4c21a854878514c384ead0595</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>开启TCP BBR拥塞控制算法<br><a target="_blank" href="https://github.com/iMeiji/shadowsocks_install/wiki/%E5%BC%80%E5%90%AFTCP-BBR%E6%8B%A5%E5%A1%9E%E6%8E%A7%E5%88%B6%E7%AE%97%E6%B3%95">https://github.com/iMeiji/shadowsocks_install/wiki/%E5%BC%80%E5%90%AFTCP-BBR%E6%8B%A5%E5%A1%9E%E6%8E%A7%E5%88%B6%E7%AE%97%E6%B3%95</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>浅谈Web安全验证码 <br><a target="_blank" href="http://blog.nsfocus.net/discussion-web-security-authentication-code/">http://blog.nsfocus.net/discussion-web-security-authentication-code/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Docker — 从入门到实践<br><a target="_blank" href="https://github.com/yeasy/docker_practice">https://github.com/yeasy/docker_practice</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>基于文件特征的Android模拟器检测（附实现代码下载）<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI4MzI4MDg1NA==&amp;mid=2247483773&amp;idx=1&amp;sn=d654e17c9c3b5e689f9ac04a45a8f993&amp;chksm=eb8c55c4dcfbdcd2a1bf2d0ef9446684291ee82930b8a0d8e7b55cd9a7178039e0b2559502d4&amp;mpshare=1&amp;scene=1&amp;srcid=12195FpjYzbz2LJMuBkTtvbY">https://mp.weixin.qq.com/s?__biz=MzI4MzI4MDg1NA==&amp;mid=2247483773&amp;idx=1&amp;sn=d654e17c9c3b5e689f9ac04a45a8f993&amp;chksm=eb8c55c4dcfbdcd2a1bf2d0ef9446684291ee82930b8a0d8e7b55cd9a7178039e0b2559502d4&amp;mpshare=1&amp;scene=1&amp;srcid=12195FpjYzbz2LJMuBkTtvbY</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>一些有用的取证工具<br><a target="_blank" href="https://www.peerlyst.com/posts/some-useful-forensics-tools-for-your-forensics-investigation-adminadmin">https://www.peerlyst.com/posts/some-useful-forensics-tools-for-your-forensics-investigation-adminadmin</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>FCN P2P通信原理<br><a target="_blank" href="http://weibo.com/ttarticle/p/show?id=2309404054853990141449">http://weibo.com/ttarticle/p/show?id=2309404054853990141449</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Engineering Security Through Uber&#039;s Custom Email IDS<br><a target="_blank" href="http://eng.uber.com/custom-email-ids/">http://eng.uber.com/custom-email-ids/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Mimikatz Delivery via ClickOnce with URL Parameters<br><a target="_blank" href="http://subt0x10.blogspot.com/2016/12/mimikatz-delivery-via-clickonce-with.html">http://subt0x10.blogspot.com/2016/12/mimikatz-delivery-via-clickonce-with.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Harbor: 基于Docker Distribution的企业级Registry服务<br><a target="_blank" href="http://vmware.github.io/harbor/index_cn.html">http://vmware.github.io/harbor/index_cn.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>自动化、安全分析和人工智能，从Gartner预测看网络安全新规则<br><a target="_blank" href="http://www.freebuf.com/articles/neopoints/123545.html">http://www.freebuf.com/articles/neopoints/123545.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>美国国家学术出版社所有PDF图书开放免费下载<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MjM5NTA2NDY5Mg==&amp;mid=202072231&amp;idx=3&amp;sn=7347ed72a209f0395e82d49d5fef30d1&amp;mpshare=1&amp;scene=1&amp;srcid=1222U2OLJ7LrcZoRl14R4ZBg&amp;key=564c3e9811aee0ab98bf5d003b3d7a069520af0c239b90f87f34d074c9c7807a9d04e8c5c425a961134387b36e5e6f438ac541adcd5c15af7555e7aea969dd905bae153d2b0d7">https://mp.weixin.qq.com/s?__biz=MjM5NTA2NDY5Mg==&amp;mid=202072231&amp;idx=3&amp;sn=7347ed72a209f0395e82d49d5fef30d1&amp;mpshare=1&amp;scene=1&amp;srcid=1222U2OLJ7LrcZoRl14R4ZBg&amp;key=564c3e9811aee0ab98bf5d003b3d7a069520af0c239b90f87f34d074c9c7807a9d04e8c5c425a961134387b36e5e6f438ac541adcd5c15af7555e7aea969dd905bae153d2b0d7</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Dnsteal：一个利用DNS请求传输文件的工具<br><a target="_blank" href="http://www.mottoin.com/94437.html">http://www.mottoin.com/94437.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Writing Burp Extensions (Shodan Scanner)<br><a target="_blank" href="http://resources.infosecinstitute.com/writing-burp-extensions-shodan-scanner/">http://resources.infosecinstitute.com/writing-burp-extensions-shodan-scanner/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>2016年Exploit Kits漏洞TOP 10分析 <br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&amp;mid=2651062549&amp;idx=1&amp;sn=26c4b0a90108a754867e1af4194d7f8f&amp;chksm=bd1f939e8a681a88f863f2b6325a429e83d811d0b724ed69421522be5b13fc854484e0eff2e9&amp;scene=0">https://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&amp;mid=2651062549&amp;idx=1&amp;sn=26c4b0a90108a754867e1af4194d7f8f&amp;chksm=bd1f939e8a681a88f863f2b6325a429e83d811d0b724ed69421522be5b13fc854484e0eff2e9&amp;scene=0</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>秒爆十万字典：奇葩技巧快速枚举“一句话后门”密码<br><a target="_blank" href="http://www.freebuf.com/sectool/122169.html">http://www.freebuf.com/sectool/122169.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Paper: Spreading techniques used by malware<br><a target="_blank" href="https://www.virusbulletin.com/blog/2016/december/paper-spreading-techniques-used-malware/">https://www.virusbulletin.com/blog/2016/december/paper-spreading-techniques-used-malware/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Android Telephony拒绝服务漏洞（CVE-2016-6763）分析<br><a target="_blank" href="http://drops.wiki/index.php/2016/12/20/android-telephony/">http://drops.wiki/index.php/2016/12/20/android-telephony/</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Python股市数据分析教程<br><a target="_blank" href="https://yq.aliyun.com/articles/66878">https://yq.aliyun.com/articles/66878</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>awesome-windows-exploitation: Windows Exploitation resources<br><a target="_blank" href="https://github.com/enddo/awesome-windows-exploitation">https://github.com/enddo/awesome-windows-exploitation</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>用树莓派搭建小型honeynet<br><a target="_blank" href="http://www.mottoin.com/94306.html">http://www.mottoin.com/94306.html</a></div><div class="single"><span id="tags">[杂志]&nbsp;&nbsp;</span>SecWiki周刊（第146期)<br><a target="_blank" href="https://www.sec-wiki.com/weekly/146">https://www.sec-wiki.com/weekly/146</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>A Good User Interface 好的用户界面设计该如何做<br><a target="_blank" href="http://goodui.org/">http://goodui.org/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>A collection of JavaScript engine CVEs with PoCs<br><a target="_blank" href="https://github.com/tunz/js-vuln-db">https://github.com/tunz/js-vuln-db</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>ThreatHunting Project：Hunting for adversaries in your IT environment<br><a target="_blank" href="http://www.threathunting.net/">http://www.threathunting.net/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Docker网络隔离初步设想 <br><a target="_blank" href="http://vipdocker.com/2016/09/14/docker-network-isolation/">http://vipdocker.com/2016/09/14/docker-network-isolation/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>词法分析器的实现<br><a target="_blank" href="http://www.cnblogs.com/yanlingyin/archive/2012/04/17/2451717.html">http://www.cnblogs.com/yanlingyin/archive/2012/04/17/2451717.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>Threat model for firmware security<br><a target="_blank" href="http://media.weibo.cn/article?id=2309404056293743685964&amp;jumpfrom=weibocom&amp;luicode=10000370&amp;from=timeline">http://media.weibo.cn/article?id=2309404056293743685964&amp;jumpfrom=weibocom&amp;luicode=10000370&amp;from=timeline</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>IOActive研究员声称可入侵松下机载娱乐系统<br><a target="_blank" href="http://www.freebuf.com/vuls/123712.html">http://www.freebuf.com/vuls/123712.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>A Lightweight, Compact, No-Nonsense ATM Malware<br><a target="_blank" href="http://blog.trendmicro.com/trendlabs-security-intelligence/alice-lightweight-compact-no-nonsense-atm-malware/">http://blog.trendmicro.com/trendlabs-security-intelligence/alice-lightweight-compact-no-nonsense-atm-malware/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>样本逆向中系统调用的识别方法<br><a target="_blank" href="http://rootkiter.com/2016/12/18/%E6%A0%B7%E6%9C%AC%E9%80%86%E5%90%91%E4%B8%AD%E7%B3%BB%E7%BB%9F%E8%B0%83%E7%94%A8%E7%9A%84%E8%AF%86%E5%88%AB%E6%96%B9%E6%B3%95.html">http://rootkiter.com/2016/12/18/%E6%A0%B7%E6%9C%AC%E9%80%86%E5%90%91%E4%B8%AD%E7%B3%BB%E7%BB%9F%E8%B0%83%E7%94%A8%E7%9A%84%E8%AF%86%E5%88%AB%E6%96%B9%E6%B3%95.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>谈谈HSTS超级Cookie<br><a target="_blank" href="http://blog.csdn.net/u011721501/article/details/53849064">http://blog.csdn.net/u011721501/article/details/53849064</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>利用Python实现knn算法<br><a target="_blank" href="http://computational-communication.com/python-knn/">http://computational-communication.com/python-knn/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>MongoDB安全 – PHP注入攻击<br><a target="_blank" href="http://www.mottoin.com/94341.html">http://www.mottoin.com/94341.html</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>The Kings In Your Castle Part 5: APT correlation and do-it-yourself threat resea<br><a target="_blank" href="https://cyber.wtf/2016/12/15/the-kings-in-your-castle-part-5-apt-correlation-and-do-it-yourself-threat-research/">https://cyber.wtf/2016/12/15/the-kings-in-your-castle-part-5-apt-correlation-and-do-it-yourself-threat-research/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Learning From A Year of Security Breaches<br><a target="_blank" href="https://medium.com/starting-up-security/learning-from-a-year-of-security-breaches-ed036ea05d9b#.xobwljx47">https://medium.com/starting-up-security/learning-from-a-year-of-security-breaches-ed036ea05d9b#.xobwljx47</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Oracle酒店管理平台的远程命令执行和持卡人数据泄漏漏洞分析（CVE-2016-5663/4/5）<br><a target="_blank" href="http://www.mottoin.com/94271.html">http://www.mottoin.com/94271.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Bottle HTTP 头注入漏洞探究<br><a target="_blank" href="https://www.leavesongs.com/PENETRATION/bottle-crlf-cve-2016-9964.html">https://www.leavesongs.com/PENETRATION/bottle-crlf-cve-2016-9964.html</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>Law Enforcement Use of Cell-Site Simulation Technologies: Privacy Concerns and R<br><a target="_blank" href="https://info.publicintelligence.net/US-CellSiteSimulatorsPrivacy.pdf">https://info.publicintelligence.net/US-CellSiteSimulatorsPrivacy.pdf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Disclosing the Primary Email address for each Facebook user<br><a target="_blank" href="http://www.dawgyg.com/2016/12/21/disclosing-the-primary-email-address-for-each-facebook-user/">http://www.dawgyg.com/2016/12/21/disclosing-the-primary-email-address-for-each-facebook-user/</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>如何通过TensorFlow实现深度学习算法并运用到企业实践中 <br><a target="_blank" href="http://dataunion.org/26671.html">http://dataunion.org/26671.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>小威“扫毒”记<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&amp;mid=2651060913&amp;idx=1&amp;sn=dcaca141a8ab0e38a2c160c3916dea74&amp;chksm=80e1e001b7966917e735fe0f2c0144214853d05bb5d32d9e15dd7eed436db440f6ce3bbe9784&amp;mpshare=1&amp;scene=1&amp;srcid=1220ViejfQoILn27MNxFpWHw&amp;key=564c3e9811aee0aba2cf7b6489a62b7a73c7d3b99a68e8c29b70d9738">https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&amp;mid=2651060913&amp;idx=1&amp;sn=dcaca141a8ab0e38a2c160c3916dea74&amp;chksm=80e1e001b7966917e735fe0f2c0144214853d05bb5d32d9e15dd7eed436db440f6ce3bbe9784&amp;mpshare=1&amp;scene=1&amp;srcid=1220ViejfQoILn27MNxFpWHw&amp;key=564c3e9811aee0aba2cf7b6489a62b7a73c7d3b99a68e8c29b70d9738</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>dns recon &amp; research, find &amp; lookup dns records<br><a target="_blank" href="https://dnsdumpster.com/">https://dnsdumpster.com/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Learning From A Year of Security Breaches – Starting Up Security<br><a target="_blank" href="https://medium.com/starting-up-security/learning-from-a-year-of-security-breaches-ed036ea05d9b#.23b72hmck">https://medium.com/starting-up-security/learning-from-a-year-of-security-breaches-ed036ea05d9b#.23b72hmck</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/147">SecWiki周刊(第147期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
